Hardware Net neutrality Security

Best Firmware For Your Router?

Routers traditionally come packed with firmware that is accessible and configured in GUI format. Often, the amount the user can configure is rather limited, and monitoring tools can be few and far between…or even non-existent!


By ‘flashing’ firmware onto your router, you can have more options to play with and make little tweaks that perhaps you couldn’t previously. Basically, you start off with your existing ‘stock’ firmware – stock firmware refers to the firmware shipped with your router.

Features they all have in common

Features Overview of the well-known custom firmwares

DD-WRT, OpenWRT & Tomato Features basically including:

  • Advanced QoS
  • VPN Support
  • Advanced Wireless Modes
  • Access Control
  • Traffic Analysis
  • Guest Networks
  • Advance Firewall options
  • …and more


DD-WRT is the most popular firmware – probably because it is relatively easy to install and configure. It also has a lot of features for most people out there. Only the biggest of tech-geeks out there would feel there needs to be more! It doesn’t install on as many different router models as OpenWRT but the aforementioned benefits most likely outweigh this for most router owners. The overall support is great because there lot of nerds in the forums.


In general, Tomato and its derivatives are for Broadcom routers. Tomato firmware is probably the easiest to use of the bunch the GUI menu system is relatively intuitive and lets the user get their hands dirty to a certain extent. But perhaps not as much as its counterparts. Yes, there are options to configure QoS and VPN. There’s also advanced firewall features and the ability to tweak access on a user level. A big plus is the monitoring tool. Tomato firmware actually monitors in real-time which could swing it for some. One downside is that Tomato is not compatible with as many routers as either OpenWRT or DDWRT and it’s not anymore under active development, of course there exist some forks but the project itself is dead, the successor seems ‘Shibby’.


OpenWRT is the original of the three and is once based on Linux. It was a command line only deal, but with LuCI or Gargoyle, there is now thankfully a GUI available. However OpenWRT is arguably the trickiest of the 3 to get up and running. Most importantly, you need to make sure you download the correct image file to install. OpenWRT has the same issue like Tomato, it’s about to die – the successor is LEDE.


SabaiOS is a Tomato fork created by Sabai Technology for use in its pre-flashed Routers with third-party VPN support. SabaiOS adds a number of features to Tomato like dual gateways and port forwarding. Their OpenVPN implementation requires only the configuration file from your VPN. If you buy a branded router for your VPN provider set up can be even easier.


In case that your router isn’t supported you could use PfSense or PC Engines APU2 (with e.g. OpenBSD) on your Rasperry Pi. If you only want to filter ads, I highly suggest you use a Pi-Hole.

After flashing the firmware I not getting a better Wifi signal

That’s normal! There myths telling you that newer hardware magically increase your range or WiFi signal – Wrong – But why? Cause there standards which prevent manufactures to use more energy. That said you signal strength never changes unless you would manipulate the energy, but what it can increase is the amount of data which are sent on the same signal. That means whenever you buy a new router you get more data on the same signal strength. If the signal is too low to reach all your devices you need to use a repeater.

What’s the best? – Which one should you choose?

It’s depending on what you define ‘best’, I define it by:

  1. Is your router supported? How well is the aftermarket firmware you flash documented?
  2. Did you checked the reviews/comments BEFORE you flashed the firmware to avoid a big surprise?
  3. Do you have problems with your stock firmware?
  4. What features you need?
  5. How complicated is the install/update process – are you able to understand it?
  6. Reliability – network stability both on cable and wireless and on the usb drive.
  7. Performance – network speed, very important also usb drive speed.
  8. Check your firmware for holes e.g. with a simple Port Scan. never trust something only based on reviews, make the check yourself! Don’t be lazy!
  9. If you are a buyer and you can choose, don’t buy Netgear, D-Link or LinkSys – ask yourself if you want to support them?
  10. Encryption is a must, it deters cybercriminals, rogue government, censorship, and protects the rights of free speech and privacy online once again. If your router doesn’t support basic things like allowing to use a VPN service/provider then go back to 9). and ask yourself again why you want to support it? Is it worth to buy hardware and then flash another firmware on it? Does it changes them to re-think about their products and how this helps others?!

My advise

My advice is to just avoid DD-WRT. The community is so hostile and unhelpful, the site and wiki full of conflicting information, and almost all builds for anything besides the old Linksys gear is in a real unstable state. It seems almost inevitable that DD-WRT will just result in bricking your router and having some forum asshole mock you for it.

Start with OpenWRT/LEDE if you’re a beginner (if possible). OpenWRT’s community is truly great, and the web interface (LuCI) used in the firmware has come on leaps and bounds in the past couple of years. 

There are plenty of tutorials available out there including You Tube videos if you really want to get your hands dirty with installation and setting up! – But I try to explain a basic setup during the x-mas days so that you guy have some visual guide.

2 replies on “Best Firmware For Your Router?”

Thanks mate. After reading this I think I might go with LEDE but I’m not sure.

Open source does not always mean secure. Especially if the project seems not well maintained. I checked every open source project for router firmware and their websites/forums deeply lack professionality. I don’t know how many people are testing their routers security but it can be less than ideal.

I mean I don’t know what to do mate. Gonna keep reading your posts. Have fun.


Right open source in general means nothing because we had that story and it never ended up well.

As mentioned, ask yourself it it’s really worth and if there problems with the current firmware – I think provider starting to listening and they adopt features which are needed today.

I’ll try to keep the topic Router + VPN on a focus, maybe it gets a mini series with some recommadations. But at the end no one can say what you ‘should’ use cause there several interest which we need to respect like organization background, documentation, support/community and more.

Thanks for the useful comments, I try to imprve the Blog/articles based on the feedback I get.


Comments are closed.